Lucene search
K

6452 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40942

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS5.5AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.3AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-10868

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS5.4AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40600

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...

8.1CVSS5.4AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:27 a.m.13 views

[SECURITY] Fedora 44 Update: python-starlette-0.52.1-2.fc44

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
Cvelist
Cvelist
added 2026/06/05 12:0 a.m.36 views

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 12:0 a.m.10 views

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-46956

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/06/05 12:0 a.m.16 views

CVE-2020-25900

Affected software: HelloTalk (up to version 3.4.1). Vulnerability summary: The app stores full‑precision GPS coordinates even when a user intends to share only a country or city, and these coordinates are placed into a client‑side database that is stored on other users’ devices. The client databa...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 2:39 p.m.39 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

9CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 6:30 a.m.12 views

CVE-2026-49202 Unverified Meeting Recording Endpoints & Permissive CORS

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 6:30 a.m.8 views

CVE-2026-49202

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 6:30 a.m.22 views

CVE-2026-49202

Technical details are not publicly available in the provided documents; monitor for updates.

8.8CVSS5.7AI score0.00257EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46153

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing CORS rules that allow cross-site theft...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46881

Name of the Vulnerable Software and Affected Versions Nhost CLI affected versions not specified Description The hidden configserver used by nhost dev exposes the Mimir GraphQL API with permissive CORS and dummy authorization directives. This allows any process capable of reaching the developer's...

5.4CVSS6AI score0.00033EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46390

Name of the Vulnerable Software and Affected Versions IRIS versions prior to 2.4.28 Description IRIS is a web collaborative platform designed for incident responders to share technical details during investigations. The software is susceptible to a cross-site request forgery attack, which occurs...

4.3CVSS5.3AI score0.00174EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the ability to access internal multimedia session archives without authentication, and lax cross-site resource sharing rules...

8.8CVSS5.2AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has a security vulnerability, which...

6.1CVSS5.4AI score0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46226

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A URL validation flaw in the dashboard button widget allows a crafted relative-looking URL to be accepted as a local path while browsers interpret it as an external URL. The validation process...

6.1CVSS5.4AI score0.00148EPSS
Exploits0References4
Rows per page
Query Builder